[ZODB-Dev] CHAP with ZEO
Tino Wildenhain
tino@wildenhain.de
Wed, 23 May 2001 12:00:13 +0200
Hi Michel,
--On Montag, 21. Mai 2001 20:55 -0700 Michel Pelletier
<michel@digicool.com> wrote:
> On Mon, 21 May 2001, A.M. Kuchling wrote:
>
>> On Mon, May 21, 2001 at 08:31:24PM -0600, Bill Anderson wrote:
>> > IOW, "It's less than perfect, so we shouldn't do it" is a worse policy
>> > than providing minimal capability. And that seems to be the policy I am
>> > seeing here.
>>
>> True, and the Python community does tend to err too muuch toward
>> perfection, but in this case it seems that using a more secure
>> protocol wouldn't be too big a leap. Heck, M2Crypto provides a fairly
>> complete OpenSSL wrapper
>
> I looked at that, at first thinking I could just use openSSL's TLS, but
> the M2Crypto package is very young, it warns of memory errors,
> requirements for odd version of SWIG, doesn't metnion any TLS
> documentation, etc. It seemed a higher risk to me than just using your
> MD5 hash algorithm and a simple, well understood challenge protocol to
> provide simple authentication.
>
> Of course ssl and tls are way more secure, but at the moment seem to
> intoduce some additional risk in the form of M2Crypto.
Why using M2Crypto? Python2.1 brings ssl in socket-library
Regards
Tino Wildenhain